Republic of Turkey Social Security Institution Implements PalmSecure

"An increase in efficiency in healthcare through process optimization and the use of robust, forgery-proof authentication systems."

Thomas Bengs
Head of Security Solutions, SoBG , Fujitsu FTS

The project

The introduction and installation of a nationwide biometric patient authentication system with Fujitsu PalmSecure for the SSI (Social Security Institution – Turkish National Health System). The project is split into four project phases. Project phase 1 is the introduction phase; and phases 2 - 4 (installation) are now implemented according to the experience gained in phase 1.

The solution

A biometric patient authentication system with Fujitsu PalmSecure sensors and a control box in the form of an onsite terminal comprising of Fujitsu PC components. The database and application servers are located in a central data center. Authentication is carried out by means of palm vein authentication and the national insurance number, which is entered via a keyboard. Integrated in the terminal is a security module that encrypts the data flowing in the direction of the data center. Once it arrives, the data is decrypted and logged in a database. When an insurance-related procedure is opened in the doctor's surgery or at the hospital, a request is made to the national insurance system. This system accesses the logged data of the biometric system, and can then confirm the procedure as valid. The doctor's surgery or the hospital can then begin with the invoicing.

General conditions

Healthcare in Turkey is currently in a period of transitional phase under the influence of the Health Transformation Program 2003 – 2013. The aim of the program is to increase the quality and efficiency of the healthcare system and provide simpler access to healthcare facilities.

The participants in the healthcare system are insurance companies, policy holders, doctors' surgeries, pharmacies and hospitals. All have different requirements, but one common goal. Policy holders require medical treatment to be good and fast. This should be possible without any accompanying bureaucratic outlay. The main focus is on health. Service providers, such as doctors, clinics and pharmacists, would like to charge the insurance companies for their services without too much outlay and too many explanations. The administrative outlay should be as low as possible, and the IT simple, robust and value for money. Insurance companies want honest and correct invoicing. It is their responsibility to handle their customer’s insurance payments as carefully as possible. The topic of health and care is paramount to everyone, but the commercial side must also be trouble-free, fast and not generate a great deal of outlay, and everything should be correct.

The aim is to have an efficient process with as few, automated process steps as possible, associated with low costs and a high degree of security and reliability.

The challenge

A holder of a health insurance policy must provide identification when making use of the services so that the service can be correctly invoiced with the insurance company later. The issuing of prescription drugs to the entitled recipient must also be guaranteed. In the past only little value was attached to the unequivocal authentication of the patient, it was sufficient to provide the printed forms of the insurance company, or a health insurance card with more or less authentication details. The result was a high fraud rate and losses running into millions.

There is no standard EU-wide or even world-wide solution for healthcare authentication and invoicing. The type of authentication or type of ID card used in each state is regulated differently on a national basis. As a result of misuse (obtaining services by fraudulent means), invoicing errors and the subsequent need for clarification high costs arise, and consequently the requirements for a flawless, reliable and fast authentication that easy-to-handle in practice and inexpensive are growing.

The solution

One solution that is currently being implemented on a national basis in Turkey is authentication using Fujitsu PalmSecure palm vein authentication. For this purpose, the biometric data of every person have been centrally as a template in a database and encrypted.

An insured person authenticates himself onsite by holding his hand over the palm vein scanner in the doctor's surgery or at the hospital, allowing his vein pattern to be entered as a template. Each insured party also has a national insurance number, which is entered in parallel via a keyboard. The keyboard and hand vein scanner are connected to a control box. The control box comprises of Fujitsu PC components. This includes an integrated security module, which transfers the data (insurance number and palm vein template) together with the location and device data in encrypted form to a biometric application and database server in a central data center. Here, the data is decrypted and then compared and logged in a database server.

In Turkey a central and uniform system takes over the invoicing of the medical services provided. The doctor's surgery or hospital sends the system a request for service invoicing. The insurance system opens a procedure and directs a request to the database server of the biometric system. If the insured party exists and is valid and the last location and date are identical to that of the request, approval is provided by the invoicing system, which is sent to the doctor's surgery or the hospital. No later than 24 hours after sending the invoicing request, approval is available and the services can then be invoiced with the invoicing system. If the insured party is unknown, has no insurance cover or is invalid, a rejection is issued. The doctor's surgery or hospital then knows that the costs must be invoiced directly with the service recipient.

The biometric palm vein sensor technology has proved to be successful in everyday use. The advantages of this technology are:

Age-independent, highly individualized vein structure

Biometric feature concealed in the body

Impervious to dirt, dampness and superficial injuries to the hand

Almost 100% user coverage

Extremely exact and forgery-proof

Ergonomic, simple handling

The benefits

Uncomplicated, fast registration process

Highly secure authentication through palm vein authentication

Extensive application

Extremely high user acceptance

Drastic cost reduction of incorrect invoicing

Automation of service invoicing reduces failure rates and accelerates the entire invoicing process

Biometric data only has to be entered once in a lifetime

The benefits

The Turkish state is consequently pressing ahead with the modernization and efficiency of its infrastructure. The health care of its population is an important building block in this process. The process flows and the technology used reflect the goals. Simple, reasonably priced and robust procedures and technologies, but with the maximum in security and cost-effectiveness. Turkey takes its bearings here from EU standards.

The installed biometric authentication is a procedure that makes processes faster and unsusceptible to errors. Misuse is excluded. This has resulted in administration savings, many process steps have either being automated or even omitted, which is ultimately an advantage to better medical care.